From c429d4a4ba2cc8778634461e8adea33e0f0ae022 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Sun, 4 Apr 2010 15:41:31 +0200 Subject: Restrict export of device routes to the kernel protocol. In usual configuration, such export is already restricted with the aid of the direct protocol but there are some races that can circumvent it. This makes it harder to break kernel device routes. Also adds an option to disable this restriction. --- sysdep/bsd/krt-sock.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'sysdep/bsd') diff --git a/sysdep/bsd/krt-sock.c b/sysdep/bsd/krt-sock.c index 32c269d..d991ea1 100644 --- a/sysdep/bsd/krt-sock.c +++ b/sysdep/bsd/krt-sock.c @@ -40,10 +40,6 @@ krt_capable(rte *e) { rta *a = e->attrs; -#ifdef CONFIG_AUTO_ROUTES - if (a->source == RTS_DEVICE) - return 0; -#endif return a->cast == RTC_UNICAST && (a->dest == RTD_ROUTER @@ -163,7 +159,7 @@ krt_sock_send(int cmd, rte *e) #endif if(!i->addr) { - log(L_ERR "KIF: interface \"%s\" has no IP addess", i->name); + log(L_ERR "KRT: interface %s has no IP addess", i->name); return; } @@ -185,7 +181,7 @@ krt_sock_send(int cmd, rte *e) msg.rtm.rtm_msglen = l; if ((l = write(rt_sock, (char *)&msg, l)) < 0) { - log(L_ERR "KIF: Error sending route %I/%d to kernel", net->n.prefix, net->n.pxlen); + log(L_ERR "KRT: Error sending route %I/%d to kernel", net->n.prefix, net->n.pxlen); } } -- cgit v1.2.3